CVE-2026-47740 Shopper: Authorization bypass in multiple Livewire admin components

Shopper is a Headless e-commerce Admin Panel. Prior to 2.8.0, Multiple Filament actions on the admin Order detail and Order shipments table were callable by an authenticated low-privilege user without the permission required to mutate orders. The order detail actions cancel, mark paid, mark...

CVE-2026-45054

CubeCart is an ecommerce software solution. Prior to 6.7.0, the admin orders-transactions listing page admin.php?g=orders&node=transactions builds a raw ORDER BY SQL fragment from the attacker-controlled $GET'sort' array without column or direction validation. Both the column key and the directio...

CVE-2026-45054 CubeCart: Authenticated SQL Injection via `sort[]` Parameter in Admin Orders Transactions Listing

CubeCart is an ecommerce software solution. Prior to 6.7.0, the admin orders-transactions listing page admin.php?g=orders&node=transactions builds a raw ORDER BY SQL fragment from the attacker-controlled $GET'sort' array without column or direction validation. Both the column key and the directio...

PT-2026-40812

Name of the Vulnerable Software and Affected Versions CubeCart versions prior to 6.7.0 Description The admin orders-transactions listing page at 'admin.php? g=orders&node=transactions' constructs a raw ORDER BY SQL fragment using the sort array from the $ GET variable without validating the colum...

CVE-2025-14554

The Sell BTC - Cryptocurrency Selling Calculator plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'orderformdata' AJAX action in all versions up to, and including, 1.5 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated...

CVE-2025-14554 Sell BTC - Cryptocurrency Selling Calculator <= 1.5 - Unauthenticated Stored Cross-Site Scripting via 'orderform_data' AJAX Action

The Sell BTC - Cryptocurrency Selling Calculator plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'orderformdata' AJAX action in all versions up to, and including, 1.5 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated...

EUVD-2025-206583

The Sell BTC - Cryptocurrency Selling Calculator plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'orderformdata' AJAX action in all versions up to, and including, 1.5 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated...

CVE-2023-2244

A vulnerability was found in SourceCodester Online Eyewear Shop 1.0. It has been classified as critical. This affects an unknown part of the file /admin/orders/updatestatus.php of the component GET Parameter Handler. The manipulation of the argument id leads to sql injection. It is possible to...

CVE-2022-31329

Online Ordering System By janobe 2.3.2 is vulnerable to SQL Injection via /ordering/admin/orders/loaddata.php...

CVE-2022-41408

Online Pet Shop We App v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /admin/?page=orders/vieworder...

CVE-2022-41407

Online Pet Shop We App v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /admin/?page=orders/vieworder...

CVE-2024-33977

Cross-Site Scripting XSS vulnerability in E-Negosyo System affecting version 1.0. An attacker could create a specially crafted URL and send it to a victim to obtain their session cookie details via 'view' parameter in /admin/orders/index.php'...

CVE-2024-33977

Cross-Site Scripting XSS vulnerability in E-Negosyo System affecting version 1.0. An attacker could create a specially crafted URL and send it to a victim to obtain their session cookie details via 'view' parameter in /admin/orders/index.php'...

CVE-2024-33957

SQL injection vulnerability in E-Negosyo System affecting version 1.0. An attacker could exploit this vulnerability by sending a specially crafted query to the server and retrieve all the information stored in 'id' in '/admin/orders/controller.php' parameter...

CVE-2024-33957 SQL injection in Janobe E-Negosyo System

SQL injection vulnerability in E-Negosyo System affecting version 1.0. An attacker could exploit this vulnerability by sending a specially crafted query to the server and retrieve all the information stored in 'id' in '/admin/orders/controller.php' parameter...

CVE-2024-33977 Cross-site Scripting in Janobe E-Negosyo System

Cross-Site Scripting XSS vulnerability in E-Negosyo System affecting version 1.0. An attacker could create a specially crafted URL and send it to a victim to obtain their session cookie details via 'view' parameter in /admin/orders/index.php'...

PT-2024-25589 · Unknown · E-Negosyo System

Name of the Vulnerable Software and Affected Versions: E-Negosyo System version 1.0 Description: The issue allows an attacker to exploit a SQL injection vulnerability by sending a specially crafted query to the server. This could enable the retrieval of all information stored in the id variable i...

Young Entrepreneur E-Negosyo System SQL注入漏洞

Young Entrepreneur E-Negosyo System is a Young Entrepreneur E-Negosyo System by janobe individual developers. A SQL injection vulnerability exists in Young Entrepreneur E-Negosyo System version 1.0. An attacker can use this vulnerability to send a specially crafted query to the server and retriev...

PT-2024-25609 · Unknown · E-Negosyo System

Name of the Vulnerable Software and Affected Versions: E-Negosyo System version 1.0 Description: The issue is related to a Cross-Site Scripting XSS vulnerability. An attacker could create a specially crafted URL and send it to a victim to obtain their session cookie details via the view parameter...

Young Entrepreneur E-Negosyo System 跨站脚本漏洞

Young Entrepreneur E-Negosyo System is a Young Entrepreneur E-Negosyo System by janobe individual developers. A cross-site scripting vulnerability exists in Young Entrepreneur E-Negosyo System version 1.0. An attacker can create a specially crafted URL and send it to a victim to obtain their...